Massive Overblocking Hits Hundreds Of UK Sites

from the well,-there's-a-surprise dept

Two years ago, Techdirt reported on a very troubling ruling in the UK courts that BT had to block access to the Usenet service provider Newzbin2. At the time, many feared that this would be the thin end of the wedge, giving copyright companies an easy way to shut down other sites. And with that power, of course, would come the inevitable errors, blocking completely unrelated sites. Just how seriously those mistakes could be is shown by this recent case of massive overblocking, reported here on PC Pro:

Virgin Media and Sky-owned Be Broadband customers found they were unable to access the Radio Times website last week, after the ISPs' anti-piracy filters included the site by accident. Telefonica, which still runs Be Broadband's network said that the overblocking had actually affected around 200 legitimate websites.

Many third-party load balanced systems, for example those using Amazon's AWS [Amazon Web Services] infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, "example.com" usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed such as those pointing to nameservers and mailservers). A common approach is to point "example.com" to a server that merely redirects all requests to "www.example.com".

From forum posts we can see that it's this redirection system, in this specific case an A record used for "http-redirection-a.dnsmadeeasy.com", that has been blocked by the ISPs -- probably a court-order-blocked site is also using the service -- making numerous sites unavailable for any request made without the "www" prefix.

As ORG surmised, the problem arose from a UK court decision handed down last month that allowed the Football Association Premier League Limited to block FirstRow Sports, a site for live-streaming sports events. It turned out that the latter used the redirection service http-redirection-a.dnsmadeeasy.com, which was then blocked as part of the court order. Unfortunately, hundreds of other sites, which also used that redirection service, were also blocked as a result.

This is a classic case of overblocking, but on a scale hitherto unseen in the UK. It shows why such Web blocks are very crude instruments, and how easily they can go wrong for quite subtle technical reasons. The problem is that the companies seeking the blocks can make mistakes, but the ISPs implementing the blocks don't want to become responsible for checking that the blocks are correct, and thus implement whatever is sent to them.

The fact that the court could issue an order which didn’t see this coming and that the ISPs would act on it without checking that what they were doing was sensible is, in my opinion, extremely worrying. It shows how little power we as operators of a website have -- there are no guarantees that our hard work will travel along the little tubes that make up the internet to make it to your computer, and -- although Virgin were nice in this case -- it's disturbing to think we would have had no redress had they decided to keep blocking us. In the midst of a huge political argument in the UK about filtering content online, it's worth bearing in mind how a simple attempt by a multi-billion pound business to protect its revenue stream ended up, by complete and careless accident, preventing science getting done at the Zooniverse.

Sadly, we can probably expect things to get worse, as copyright companies resort to this approach more often, more mistakes are made, and more overblocks occur with little concern for the damage they cause.

OMG! "included the site by accident. ... around 200 legitimate websites."

200 sites is not "massive", it's less than one in a million.

Yesterday's story, presumably corrected by now, though seems none of the weenies report that was brief and minor.

"At the time, many feared that this would be the thin end of the wedge, giving copyright companies an easy way to shut down other sites." -- Not many fear that now, after two years experience and yet the net goes on.Mike Masnick on Techdirt: "its typical approach to these things: take something totally out of context, put some hysterical and inaccurate phrasing around it, dump an attention-grabbing headline on it and send it off to the press."

All I see is dollar and pound signs flying around. Websites losing revenue due to totalitarian blocking measures, ISP's losing revenue due to the ever increasing costs of maintaining totalitarian blocking lists.

Then there's the cultural and educational losses that will be incurred, due to totalitarian blocking

It's simply a lose-lose situation. Incurring all kinds of public and business losses, all across the globe.

Is it just blocking?

Since I am from outside the UK, I have to ask: is this blocking simply blocking, as in purely dropping the packet or returning an ICMP administratively prohibited response?

Or is it interception instead of blocking, where the request is redirected to an evil server, which answers pretending to be the original server?

The Zooniverse blog post implies it is the later. If so, it is even more disturbing, as it is returning a counterfeit response to the client (which is not always a web browser), and strengthens the case for everyone to move to HTTPS-only (with certificate validation) as soon as possible.

Yesterday

Yesterday our attempt to access a paper abput computational intelligence was blocked by websense with the explanation "category sex". The author works at the University of Essex - so this may be another instance of the Scunthorpe problem...

Re: OMG! "included the site by accident. ... around 200 legitimate websites."

Some of the sites blocked are rather high profile, and the the incident has made the national news. You however would agree with the Premiere League that the sites should not be unblocked without their permission.

Re: OMG! "included the site by accident. ... around 200 legitimate websites."

One site blocked by mistake is one site too many. This is the ability of people to make free speech online that is being threatened, but then again...you already knew that and you don't care. To you, no amount of collateral damage is too high, no amount of sites wrongfully shuttered is too high, as long as the copyright leeches get ever more and more power to block what they don't like.
How come you're not railing against this clear abuse of power by the copyright corporations? What excuse are you going to trot out for your hypocrisy and double standards?

Re: What it shows is...

The problem is they seem to think being completely and utterly clueless about technology is something to be proud of, rather than an embarrassment and something that should disqualify them from making laws that affect technology.

The worst thing about this story is that the Premier League were not only completely unapologetic about the overblocking, but they were actually angry with the ISPs who took unilateral steps to fix the screw up.

They said "The court order that requires internet service providers to block this website clearly states that any issues they have in implementing the block must be raised with the Premier League before taking any further action."

Can you imagine the size of the plums required for *that* to be your response to someone else cleaning up the collosal mess you made? Not 'thanks'. Not 'how can I repay you?' No. 'You should have left these other sites blocked till we said otherwise'.

this is the trouble when monkeys play, you get peanuts thrown back! Cameron ought to stick to politics. fucking that up only affects the UK. fucking with the Internet can screw things up for a much greater audience! when he thinks he knows more than his own advisors, such as Jimmy Whales, this is what happens! all those affected need to put in bills for the loss of service, going to court over it if necessary! he should also start listening to the people instead of just the self centered arse holes of the entertainment industries. they tell him how much they have lost by pulling a figure out of the air. he thinks the economy has then lost out rather than thinking the money went on other things, it didn't just vanish into thin air!

Re:

Or other words:

'Your quick fixing of the problem brought about by our poorly thought out and implemented system, rather than waiting for us to ignore it and only fix it when it got enough press attention we could show off to made us look bad, don't do it again.'